Displaying 20 results from an estimated 1100 matches similar to: "autorid broken in samba 4.9?"
2020 Apr 09
2
autorid broken in samba 4.9?
Hi all,
Thanks for the replies.
On Thu, Apr 9, 2020 at 3:54 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> Good morning Rowland,
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Rowland penny via samba
> > Verzonden: donderdag 9 april 2020 9:46
> > Aan: samba at
2020 Apr 08
0
autorid broken in samba 4.9?
Sorry, this probably belongs on samba, not -technical, at least for now.
On Wed, Apr 8, 2020 at 1:55 PM Nathaniel W. Turner <nate at houseofnate.net>
wrote:
> I have a configuration that is working correctly with samba 4.8 (in CentOS
> 7.6). When I apply the same basic configuration to a system running samba
> 4.9 (CentOS 7.7), I see a very strange behavior: The ID mapping for
2019 Nov 15
3
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Here's the keytab info:
ubuntu at kvm7246-vm022:~/samba$ sudo klist -ek /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 1)
12 host/KVM7246-VM022 at TC83.LOCAL (etype 1)
12 host/kvm7246-vm022.tc83.local at TC83.LOCAL (etype 3)
12
2019 Nov 20
4
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Your config looks ok, as far i can tell.
This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
As it should spn/hostname.fqdn at REALM nothing wrong with that.
But if i understand it right.
Your server : kvm7246-vm022.maas.local is in REALM : TC83.LOCAL ( NTDOM:TC83 )
But you get TC84 back?.
On the problem server run the following:
dig a kvm7246-vm022.maas.local @IP_of_AD-DC
2020 Jun 17
0
autorid broken in samba 4.9?
I realize I never followed up with this. The problem here turned out to be
that I was doing a "reload" of the samba services (smb, nmb, winbind) to
pick up my ID mapping changes in smb.conf. Switching my test case to do a
"restart" instead resolved the issue.
More details:
The test case basically did the following:
1. Join AD using "realm join --client-software=winbind
2019 Nov 15
2
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi all. I?m trying to understand a weird authentication failure:
I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest,
with a bidirectional forest trust.
The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is
running a recent build from git master (f38077ea5ee).
When I test authentication of users in each domain by running ntlm_auth on
the samba server,
2019 Oct 28
5
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Hi folks,
I'm trying to support a customer with multiple AD forests, and during my
research, I've observed some odd behavior. In my lab tests, it seems like
authentication works for users in all trusted forests, but only if NTLMSSP
is used. When Kerberos ends up being used, authentication only seems to
work for users in the local domain.
Here's the test setup:
- Two Active Directory
2020 Apr 09
0
autorid broken in samba 4.9?
Good morning Rowland,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: donderdag 9 april 2020 9:46
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] autorid broken in samba 4.9?
>
> On 09/04/2020 08:34, L.P.H. van Belle via samba wrote:
> > Show the servers there smb.conf
2019 Nov 19
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
In case you missed the link in the original email, here's the smb.conf:
[global]
kerberos method = secrets and keytab
logging = systemd
realm = TC83.LOCAL
security = ADS
template homedir = /home/%U@%D
template shell = /bin/bash
winbind offline logon = Yes
winbind refresh tickets = Yes
workgroup = TC83
idmap config * : range = 1000000-19999999
idmap config * : backend = autorid
2019 Oct 29
0
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
On 28/10/2019 21:53, Nathaniel W. Turner via samba wrote:
> Hi folks,
>
> I'm trying to support a customer with multiple AD forests, and during my
> research, I've observed some odd behavior. In my lab tests, it seems like
> authentication works for users in all trusted forests, but only if NTLMSSP
> is used. When Kerberos ends up being used, authentication only seems to
2019 Nov 15
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi, please run the command:
klist -ek /etc/krb5.keytab and post the output along with the file smb.conf.
how do you access your share?
\\kvm7246-vm022.maas.local\\
<https://lists.samba.org/mailman/listinfo/samba>sharename"
or something like that?
bb.
Il giorno ven 15 nov 2019 alle ore 18:24 Nathaniel W. Turner via samba <
samba at lists.samba.org> ha scritto:
> Hi all.
2019 Nov 15
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
I?m trying to understand a weird authentication failure:
I have two domains (TC83.LOCAL and TC84.LOCAL), each in a diferent forest,
with a bidirectional forest trust.
The samba server kvm7246-vm022.maas.local is a domain member of TC83 and is
running a recent build from git master (f38077ea5ee).
When I test authentication of users in each domain by running ntlm_auth on
the samba server, it is
2019 Nov 20
0
Why is smbd looking for Kerberos principal cifs/host@DOMB when it is a member of DOMA?
Hi Louis,
On Wed, Nov 20, 2019 at 3:27 AM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> Your config looks ok, as far i can tell.
>
> This : "cifs/kvm7246-vm022.maas.local at TC84.LOCAL"
> As it should spn/hostname.fqdn at REALM nothing wrong with that.
>
> But if i understand it right.
>
> Your server : kvm7246-vm022.maas.local is in
2019 Oct 29
3
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
> A) You do not need 'realmd', 'sssd' etc
>
Understood. Using realmd is a convenience, as it automates some
housekeeping, but I'm happy to take it out of the picture for the purposes
of this test, if that's important.
> B) Your smb.conf is incorrectly set up.
>
2019 Oct 29
2
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
I see. =)
I probably should have set the backend to autorid for "*", but I didn't
think the ID mapping really mattered for the specific test I was doing.
The "realm list" output shows the client software as winbind (not sssd) and
the logs show messages from winbindd as it handles the authentication (in
the successful cases), so I think that indicates that winbind is in
2019 Oct 29
0
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
On 29/10/2019 15:59, Nathaniel W. Turner via samba wrote:
> On Tue, Oct 29, 2019 at 11:43 AM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
>> A) You do not need 'realmd', 'sssd' etc
>>
> Understood. Using realmd is a convenience, as it automates some
> housekeeping, but I'm happy to take it out of the picture for the purposes
2019 Feb 23
2
winbind causing huge timeouts/delays since 4.8
> Am 23.02.2019 um 22:23 schrieb Rowland Penny via samba <samba at lists.samba.org>:
>>>>> He also has these:
>>>>>
>>>>> idmap config * : rangesize = 1000000
>>>>> idmap config * : range = 1000000-19999999
>>>>> idmap config * : backend = autorid
>>>>>
>>>>> The '*' domain
2019 Oct 29
2
AD domain member cannot authenticate user in remote forest unless smbclient uses "localhost"
Hi Rowland,
On Tue, Oct 29, 2019 at 5:37 AM Rowland penny via samba <
samba at lists.samba.org> wrote:
>
> I am sorry but you seem to be asking on the wrong list, you appear to be
> using sssd (which isn't supported with Samba from 4.8.0), Samba isn't
> doing the authentication.
>
What part of my problem description, or which log entries make you think I
am using
2011 Aug 12
1
samba 3.6: "autorid" has no domain order
Hello,
i try to create a samba server for more then one trusted domain.
I know there were some issues with samba 3.5, and in the internet i
always read, i should use samba 3.4.
So i wanted to give 3.6 a chance.
I first tried autorid with a config like this:
winbind enum users = yes
winbind enum groups = yes
idmap backend = autorid
idmap gid = 100000-1499999
2016 Jan 11
2
Security permissions issues after changing idmap backend from RID to AUTORID
On 2016-01-10 at 17:58 +0000, Rowland penny wrote:
> On 10/01/16 17:05, Partha Sarathi wrote:
> >
> > > This could have a lot to do with the fact that idmap_rid &
> > > idmap_autorid calculate the uids differently i.e if you have RID
> > > '2025000', autorid would calculate this as '1102500000' , rid
> > > would calculate this as